Electronic mail (“e-mail”) messages may be encoded using one of a number of known protocols. Some of these protocols, such as Secure Multiple Internet Mail Extensions (“S/MIME”) for example, rely on public and private encryption keys to provide confidentiality and integrity, and on a Public Key Infrastructure (PKI) to communicate information that provides authentication and authorization. Data encoded using a private key of a private key/public key pair can only be decoded using the corresponding public key of the pair. Similarly, data encoded using the public key of a private key/public key pair can only be decoded using the corresponding private key of the pair. The authenticity of public keys used in the encoding of messages may be validated using certificates. For example, if a user of a computing device (e.g. a mobile device) wishes to encrypt a message before the message is sent to a particular individual, the user will require a certificate for that individual. That certificate will typically comprise the public key of the individual, as well as other identification-related information. If the requisite certificate for the intended recipient is not already stored on the user's computing device, the certificate must first be retrieved. Searching for and retrieving a certificate for a specific recipient is a process that generally involves querying a certificate server, by having the user manually enter the name and/or e-mail address of the intended recipient in a search form displayed on the computing device, such as that provided in a certificate browser, for example.
In an example implementation of a first type, all of the certificates located in the search are then temporarily downloaded to the computing device for processing so that a list of the located certificates may be displayed to the user in the certificate browser. A user may select certificates identified in the list, and the selected certificates may be more permanently stored in a non-volatile store on the computing device for potential future use. In an example implementation of a second type, instead of temporarily downloading all of the certificates located in the search to the computing device in the first instance, only certain data needed to generate the list of certificates located in the search may be initially downloaded to the computing device. The list is displayed to a user, and typically identifies each located certificate using the common name and e-mail address of the individual to whom the respective certificate has been issued. Only after the user selects one or more specific certificates from the list are any certificates downloaded (i.e. the user-selected ones) to the computing device for storage. In particular, if the computing device is a mobile device, deferring the downloading of certificates to the mobile device and only downloading the user-selected certificates can significantly minimize waste of resources.